Using Ixia-c to test RTBH DDoS mitigation
Remote Triggered Black Hole Scenario describes how to use the Ixia-c traffic generator to simulate a DDoS flood attack. Ixia-c supports the Open Traffic Generator API that is used in the article to program two traffic flows: the first representing normal user traffic (shown in blue) and the second representing attack traffic (show in red).
The article goes on to demonstrate the use of remotely triggered black hole (RTBH) routing to automatically mitigate the simulated attack. The chart above shows traffic levels during two simulated attacks. The DDoS mitigation controller is disabled during the first attack. Enabling the controller for the second attack causes to attack traffic to be dropped the instant it crosses the threshold.
The diagram shows the Containerlab topology used in the Remote Triggered Black Hole Scenario lab (which can run on a laptop). The Ixia traffic generator's eth1 interface represents the Internet and its eth2 interface represents the Customer Network being attacked. Industry standard sFlow telemetry from the Customer router, ce-router, streams to the DDoS mitigation controller (running an instance of DDoS Protect). When the controller detects a denial of service attack it pushed a control via BGP to the ce-router, Continue reading
Data Center Switching ASICs Tradeoffs
A brief mention of Broadcom ASIC families in the Networking Hardware/Software Disaggregation in 2022 blog post triggered an interesting discussion of ASIC features and where one should use different ASIC families.
Like so many things in life, ASIC design is all about tradeoffs. Usually you’re faced with a decision to either implement X (whatever X happens to be), or have high-performance product, or have a reasonably-priced product. It’s very hard to get two out of three, and getting all three is beyond Mission Impossible.
‘Integration Tax’ Limits Network Automation
For every dollar spent on a new tech product, it costs several dollars to integrate that product. How can businesses overcome those costly obstacles that impede network engineering and ops teams' abilities to deploy new tech, like automation?Potential Routing and Management Limitations in Private 5G Deployments
Businesses are expecting private 5G networks to be as easy to install and manage as Wi-Fi. And with few exceptions, that’s not the case right now.Day Two Cloud 149: On-Prem Cloud Networking With Netris (Sponsored)
Today's Day Two Cloud sponsor Netris promises to deliver a cloud-like experience for running your physical network. Netris software lets you build a private cloud on premises, and integrates with Terraform and Kubernetes. Our guest is Alex Saroyan, Netris CEO and founder.Thinking Outside the Box for Network Acceleration
There is a continued push to go even “faster.” Lowering port to port latency while maintaining features and increasing link speeds and system density is a significant technology challenge for designers and the laws of physics. Since the first release of Arista’s 7100 and 7150 switch families, the company has been a partner in building best-in-class low latency trading networks that are today deployed in global financial institutions and trading locations.
Cutting edge customers took the approach of disaggregating network functions into pools of functionality – extremely fast Layer 1 switching, operating as low as 5 ns and FPGA-driven trading pipelines running at under 40 ns with the Arista 7130 family. This approach allowed more sophisticated L2 / L3 networking functionality, such as the ability to tap any flow or enable routing protocols, to run on general-purpose systems, including the Arista 7050X, 7060X and 7170 full-featured platforms, using merchant silicon with billions of packets per second and low latency.
MLAG Deep Dive: System Overview
Multi-Chassis Link Aggregation (MLAG) – the ability to terminate a Port Channel/Link Aggregation Group on multiple switches – is one of the more convoluted1 bridging technologies2. After all, it’s not trivial to persuade two boxes to behave like one and handle the myriad corner cases correctly.
In this series of deep dive blog posts, we’ll explore the intricacies of MLAG, starting with the data plane considerations and the control plane requirements resulting from the data plane quirks. If you wonder why we need all that complexity, remember that Ethernet networks still try to emulate the ancient thick yellow cable that could lose some packets but could never reorder packets or deliver duplicate packets.
Juniper vMX on GNS3
Juniper Network has several products tha can be run on virtualization (hypervisor), such as KVM and ESXi. Those products include vMX (router), vSRX (firewall / security), vQFX (switch), and so on. The virtual Juniper products ease us to deploy it on lab or simulator, even on the production environment, which is run on the hypervisor. […]Continue reading...
Juniper vMX on GNS3
Juniper Network has several products tha can be run on virtualization (hypervisor), such as KVM […]
The post Juniper vMX on GNS3 first appeared on Brezular's Blog.
Easier Network Visibility Using SaaS
The following post is by Sehjung Hah at VMware. We thank VMware for being a sponsor. Catch up and listen to VMware’s latest podcast with Packet Pushers introducing vRealize Network Insight Universal with Ethan Banks and Ned Bellavance on Day 2 Cloud 145: Tech Bytes: Flexible Cloud Migration Using VMware vRealize Network Insight Universal. More details are available in […]
The post Easier Network Visibility Using SaaS appeared first on Packet Pushers.